Client Server - Security is better as it is centralised and one person's responsibility

7 of 16

Factors when designing security policies

The Data Protection Act puts an onus on the council to keep the information secure because of its potential for misuse

Physical Security - This involves protecting hardware and software using physical rather than software methods to restrict access to the computer equipment or the storage medium (Locks, guards, biometric methods)

Continuous investigation of irregularities - (e.g. Query any transactions that are out of the ordinary for the customer)

Operational Procedures - Including disaster recovery planning and dealing with threats from viruses, by doing backups and updating antivirus software (to help prevent and deal with loss of data)

8 of 16

Remote Management

Tasks using Remote Management

Central Backup - Easier to back up data by being able to do it from one central location

Central Pool of data/documents - All staff can access data from a central pool of data

User management/Monitoring - Better monitoring (in real-time) of what all staff are using their systems for

Collaborative Working - Staff can work jointly on the same document at the same time

Check to see right number of licenses

Log off users who have forgotten to do so

Setting regular times for virus scanning

Guide users through problems

Take control of stations

9 of 16

User Accounts and Logs

General Points

Auditing keeps a record of who has done what on the network

Allows the manager or system to manage user accounts by allocation of access levels to users

Auditing is used to identify abuses of the system by authorised staff

Auditing investigates instances of unauthorised access (hackers)

Full answer

Auditing keeps a record of:

Who is logged on (usernames)

What: Details of files accessed/programs they used

When: The times they logged on and off

10 of 16

Disaster Recovery

Cost

Set up a budget for it (the plan)

Hardware can be replaced depending on how much money they have

Risk (assessment)

What problems could occur?

Likelihood of them occurring

Data (consider)

No business can afford to lose its data

Backups of all data should be regularly made. This means that the worst case scenario is that the business has to go back to the situation of the last backup and carry on from there. Backups may take a long time - often tape-streamed at night.

Procedures

Produce procedures for minimising risks

Test the plan on a regular basis to make sure it is still sufficient

11 of 16

Code of Conduct

Code of conduct - A set of rules and agreement drawn up by managers and their employees.

Set up auditing procedures to detect misuse - Who/what/when. Continuous investigation of irregularities, query any transaction out of the ordinary

13 of 16

Misuse of facilities

Introduction of viruses - downloading games/ not keeping virus scanners up to date

Using company time for personal email - supposed to be doing other tasks

Misuse of data for their own business - setting a business up/mailing lists

Taking data from the system and not protecting it - losing laptop

Penalties:

Dismissal

Written warnings

14 of 16

Legal and Moral Issues - code of conduct

Disinformation

Not fully informing potential customers or clients of all available facts concerning products or services

Estate Agent

Legal = Properties Act, False information in adverts

Moral = a property developer not telling his client the property has subsidence problems or a violent history

15 of 16

Legal and Moral Issues - code of conduct

Privacy

Informing data subjects of their legal rights and processes for complying with those rights

ICT systems allow organisations to hold data on the public
People are not always aware of their rights and not all organisations are ethical in using this data

Legal = Data Protection Act

Moral = An employee using company data to create mailing lists for his own private home business